HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

261

262

263

264

265

266

267

268

269

270

254

Confi

uration item Descri

tion

Response Timeout Interval

Set the HWTACACS server response timeout time.

After sending an HWTACACS request (authentication, authorization, or

accounting request), the device starts this timer. If the device receives no

response from the server before this timer expires, it resends the request.

If you leave this field blank, the response timeout interval is restored to the

default value.

IMPORTANT:

HWTACACS is based on TCP. The timeout of the server response timeout timer or

the TCP timeout timer causes the NAS to be disconnected from the HWTACACS

server.

Quiet Interval

Specify the interval the primary server has to wait before being active.

If the primary server is not reachable, the device changes the server's status to

blocked, starts this timer for the server, and tries to communicate with a

secondary server in active state. After this timer expires, the device changes the

status of the primary server back to active.

If you leave this field blank, the quiet interval is restored to the default value.

Username Format

Set the format of the username sent to the HWTACACS server.

A username is typically in the format userid@isp-name, where isp-name

represents the name of the ISP domain to which the user belongs. However,

some HWTACACS servers cannot recognize usernames that contain an ISP

domain name. In this case, the device must remove the domain name of each

username before sending the username. You can set the username format on the

device for this purpose.

Options include:

• Without-domain—Configure the device to remove the domain name of a

username that is to be sent to the RADIUS server.

• With-domain—Configure the device to keep the domain name of a

username that is to be sent to the RADIUS server.

Unit of Data Flows

Specify the unit for data flows sent to the HWTACACS server for traffic

accounting.

The device periodically sends accounting updates to HWTACACS accounting

servers to report the traffic statistics of online users. For accurate accounting,

make sure that the units for data flows and packets on the device are consistent

with those configured on the HWTACACS servers.

Options include:

• Byte.

• Kilo-byte.

• Mega-byte.

• Giga-byte.

If you leave the field blank, the default unit is used.